feat: scan maven aggregate projects

Author: gitphill

package-lock.json

@@ -118,7 +118,7 @@
     "snyk-go-plugin": "1.19.0",
     "snyk-gradle-plugin": "3.21.1",
     "snyk-module": "3.1.0",
-    "snyk-mvn-plugin": "2.30.0",
+    "snyk-mvn-plugin": "2.31.0",
     "snyk-nodejs-lockfile-parser": "1.38.0",
     "snyk-nuget-plugin": "1.23.5",
     "snyk-php-plugin": "1.9.2",

package.json

@@ -219,6 +219,7 @@ export function args(rawArgv: string[]): Args {
     'fail-on',
     'all-projects',
     'yarn-workspaces',
+    'maven-aggregate-project',
     'detection-depth',
     'reachable',
     'reachable-vulns',

src/cli/args.ts

@@ -17,6 +17,19 @@ export function showMultiScanTip(
   if (gradleSubProjectsTip) {
     return gradleSubProjectsTip;
   }
+  if (
+    projectType === 'maven' &&
+    foundProjectCount &&
+    foundProjectCount > 1 &&
+    !options.allProjects &&
+    !options.mavenAggregateProject
+  ) {
+    return (
+      'Tip: Detected Maven project, are you using modules? ' +
+      'Use --maven-aggregate-project to scan each project. ' +
+      'Alternatively use --all-projects to scan Maven and other types of projects.'
+    );
+  }
   const allProjectsTip = showAllProjectsTip(
     projectType,
     options,

src/lib/formatters/show-multi-scan-tip.ts

@@ -51,6 +51,7 @@ export async function getMultiPluginResult(
   } = await processYarnWorkspacesProjects(root, options, targetFiles);
   allResults.push(...scannedProjects);
   debug(`Not part of a workspace: ${unprocessedFiles.join(', ')}}`);
+
   // process the rest 1 by 1 sent to relevant plugins
   for (const targetFile of unprocessedFiles) {
     const optionsClone = cloneDeep(options);

src/lib/plugins/get-multi-plugin-result.ts

@@ -54,6 +54,7 @@ export interface Options {
   insecure?: boolean;
   'dry-run'?: boolean;
   allSubProjects?: boolean;
+  mavenAggregateProject?: boolean;
   'project-name'?: string;
   'show-vulnerable-paths'?: string;
   packageManager?: SupportedPackageManagers;
@@ -231,7 +232,8 @@ export type SupportedUserReachableFacingCliArgs =
   | 'strict-out-of-sync'
   | 'sub-project'
   | 'trust-policies'
-  | 'yarn-workspaces';
+  | 'yarn-workspaces'
+  | 'maven-aggregate-project';
 
 export enum SupportedCliCommands {
   version = 'version',

src/lib/types.ts

@@ -44,4 +44,10 @@ describe('showMultiScanTip', () => {
       ),
     ).toEqual('');
   });
+
+  it('maven without options and more than 1 file detected shows tip', () => {
+    expect(
+      showMultiScanTip('maven', { path: 'src', showVulnPaths: 'none' }, 2),
+    ).toMatch('Tip: Detected Maven project, are you using modules?');
+  });
 });